Directive only for certain alias
Maxim Dounin
mdounin at mdounin.ru
Wed Aug 31 13:03:21 UTC 2011
Hello!
On Wed, Aug 31, 2011 at 08:43:53AM -0400, cicovy wrote:
> Hi guys!
> I've been using nginx for a while and I'm very pleased with it's
> performance. However, I didn't manage to setup one thing, maybe someone
> has an idea...
>
> Before using nginx, I used apache and I had a configuration similar to
> the next one for certain alias, which I want to force client SSL
> requirement and for other areas of the site I didn't need that. I've
> posted the example of apache configuration below. Is there anything
> similar for this in nginx? I need to have "ssl_verify_client optional;"
> in certain aliases and "ssl_verify_client on;" in 2 of my aliases.
No way, ssl_verify_client may only be configured at server{} level
in nginx (as nginx neither use nor allow renegotiation of SSL/TLS
connections).
Please also note that such setups (regardless of the specific
server software used) do require renegotiation. Secure one is
only available in products less than 2 years old, see [1].
[1] http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-3555
Maxim Dounin
More information about the nginx
mailing list